Lucene search
GoogleOSV:CVE-2022-22969HistoryApr 21, 2022 - 7:15 p.m.
CVE-2022-22969
2022-04-2119:15:08
Google
osv.dev
6
0.001 Low
EPSS
Percentile
34.7%
<Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session. This vulnerability exposes OAuth 2.0 Client applications only.
| CPE | Name | Operator | Version |
|---|---|---|---|
| spring-security-oauth | eq | 2.5.1.RELEASE | |
| spring-security-oauth | eq | 2.5.0.RELEASE |
Related
veracode
veracode
Denial Of Service (DoS)
2022-04-22 01:30:09
spring
spring
CVE report published for Spring Security OAuth
2022-04-21 09:00:00
osv
osv
Denial of service in Spring Security OAuth2
2022-04-22 00:00:33
cnvd
cnvd
Pivotal Spring Security Oauth Resource Management Error Vulnerability
2022-04-24 00:00:00
prion
prion
Authorization
2022-04-21 19:15:00
cve
cve
CVE-2022-22969
2022-04-21 19:15:08
cvelist
cvelist
CVE-2022-22969
2022-04-21 18:16:02
ibm
ibm
nvd
nvd
CVE-2022-22969
2022-04-21 19:15:08
github
github
Denial of service in Spring Security OAuth2
2022-04-22 00:00:33
jvn
jvn
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00